Remote policy service
The remote policy service feature allows custom policy schemes beyond simple request and operation lookup to be implemented externally.
The hook is called after the standard request type and operation checks. If the hook returned an error the sign operation is denied.
The service response can be authenticated using a signature. To do so the service public key must be added to the
# config root
# List of authorized keys in Tezos Base58 format
// Base64 encoded raw incoming sign request
// Client address
// Requested public key hash in Tezos Base58 format
// Client public key hash in Tezos Base58 format. Presents only if the incoming sign request was authenticated
// One time nonce. Presents only if the policy service call is authenticated
// Must reflect the HTTP status code. The sign operation is allowed if the service returned 2xx
// An optional error message is the status code is not 2xx
// The key used to sign the reply
// The request nonce
// Payload signature in Tezos Base58 format
The signature is calculated from the
payload JSON object as it present in the request.
Non authenticated reply
Just the HTTP status code is inspected. The sign operation is allowed if the service returned 2xx